Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-33321)

Description

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.

Remediation

References

Related Vulnerabilities

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-8769)

MySQL CVE-2016-5632 Vulnerability (CVE-2016-5632)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Unspecified Vulnerability (2.8.9)

WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (4.5.0)

Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3082)

Severity

High

Classification

CVE-2021-33321 CWE-640 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities